Vulnerability Assessment Tools

NetSPI consultants dedicate time and resources to develop open-sourced tool sets that strengthen the infosec community.

goddi (Go Dump Domain Info)

These tools are a great starting point for gaining insight into an Active Directory environment.

Read about the goddi tool on our blog. 
Learn more on our GitHub page.

NetSPI SQL Injection Wiki

This wiki’s mission is to be a one stop resource for fully identifying, exploiting, and escalating SQL injection vulnerabilities across various Database Management Systems.

Read about the SQL Injection Wiki on our blog
Learn more on our SQL Injection Wiki

Invoke-SqlServer-Persist-TriggerDDL.psm1

This script can be used to backdoor a Windows system using a SQL Server DDL event triggers. As a result, the associated TSQL will execute when any DDL_SERVER_LEVEL_EVENTS that occur.

Read about Invoke-SqlServer-Persist-TriggerDDL.psm1 on our blog
Download Invoke-SqlServer-Persist-TriggerDDL.psm1 from GitHub

mssql_escalate_execute_as_sqli.rb

This module can be used escalate privileges if the IMPERSONATION privilege has been assigned to the user via error based SQL injection. In most cases, this results in additional data access, but in some cases it can be used to gain sysadmin privileges.

Read about mssql_escalate_execute_as_sqli.rb on our blog
Download mssql_escalate_execute_as_sqli.rb from GitHub

mssql_escalate_execute_as.rb

This module can be used escalate privileges if the IMPERSONATION privilege has been assigned to the user. In most cases, this results in additional data access, but in some cases it can be used to gain sysadmin privileges.

Read about mssql_escalate_execute_as.rb on our blog
Download mssql_escalate_execute_as.rb from GitHub

JavaSerialKiller

Burp extension to perform Java Deserialization Attacks using the ysoserial payload generator.

Read about JavaSerialKiller on our blog
Download JavaSerialKiller from GitHub

WebLogicPasswordDecryptor

PowerShell module and Java code to decrypt WebLogic passwords.

Read about WebLogicPasswordDecryptor on our blog
Download WebLogicPasswordDecryptor from GitHub

Close
888.270.0317 sales@netspi.com